Thank you all so much for helping looking into this! As the spectre
and meltdown vulnerabilities are widely impacted everywhere, I believe
there will be other people also need this. Having a pre-build binary
release should be a good thing in general.
On Sat, Apr 6, 2019 at 9:46 AM John Maddock via Boost
One thing we could look at for future releases would be to provide differently-named binaries for /Qspectre. Anyone else have thoughts on that?
For the name, how about spct or spectre or meltdown, since both s and
md might not be good ideas?
On Sat, Apr 6, 2019 at 10:31 AM Andrey Semashev via Boost
I don't think replacing built binaries with Spectre-protected ones is what we want, but adding them as an option might be possible. However, doubling the number of configurations of the built libraries would be too taxing. E.g. one package of Boost 1.69 (which corresponds to one version of MSVC at one bitness) is already 200-250 MiB, and that would have to double for the newer MSVC versions that support the flag. If we're going to package these binaries, maybe we should package them separately.
I do agree the package size is large today. If possible, I wonder if we could try splitting the package with different types of run time library, which might cut the each package size by ~4x. I believe most of people don't mix the use of run time libraries, as you will run into link errors, so it should not add too much burden to everyone. And for our project, we are now managing all the dependencies with nuget, e.g. boost.filesystem with vc141: https://www.nuget.org/packages/boost_filesystem-vc141/. With this approach, we can greatly reduce the binaries we need to download. Thanks, Riff